Merge pull request #166082 from mweinelt/21.11/pdns

author: Martin Weinelt <mweinelt@users.noreply.github.com> 2022-03-28 17:18:50 +0200
committer: GitHub <noreply@github.com> 2022-03-28 17:18:50 +0200
commit: ecbb46a0337b66939355a31676689fed1f1c89f8 (patch)
tree: b7d4151cfa363e7c407336121e9eb41b674c8112
parent: 4ecbe233957a028441267760f9522952a8aea260 (diff)
parent: 657fc6d5d8b6cf4aa11b8647878e395ce7dc0b0a (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/pkgs/servers/dns/powerdns/default.nix b/pkgs/servers/dns/powerdns/default.nix
index cc7bb3317fd4..6a6b80bcd6c4 100644
--- a/pkgs/servers/dns/powerdns/default.nix
+++ b/pkgs/servers/dns/powerdns/default.nix
@@ -18,6 +18,12 @@ stdenv.mkDerivation rec {
       url = "https://github.com/PowerDNS/pdns/commit/05c9dd77b28.diff";
       sha256 = "1m9szbi02h9kcabgw3kb8k9qrb54d34z0qzizrlfiw3hxs6c2zql";
     })
+    (fetchurl {
+      # Fixes incomplete validation of incoming IXFR transfers
+      name = "CVE-2022-27227.patch";
+      url = "https://downloads.powerdns.com/patches/2022-01/pdns-4.4.2-xfr.patch";
+      hash = "sha256-WFycHFmDX6MvbOS9WDv+wx0rog7xkSGe/sxSVMWREOA=";
+    })
   ];
 
   nativeBuildInputs = [ pkg-config ];
author	Martin Weinelt <mweinelt@users.noreply.github.com>	2022-03-28 17:18:50 +0200
committer	GitHub <noreply@github.com>	2022-03-28 17:18:50 +0200
commit	ecbb46a0337b66939355a31676689fed1f1c89f8 (patch)
tree	b7d4151cfa363e7c407336121e9eb41b674c8112
parent	4ecbe233957a028441267760f9522952a8aea260 (diff)
parent	657fc6d5d8b6cf4aa11b8647878e395ce7dc0b0a (diff)